78c23aa5115a8921c3f59bd688f17a79b26007ec
[reactos.git] / dll / 3rdparty / libtiff / tif_read.c
1 /*
2 * Copyright (c) 1988-1997 Sam Leffler
3 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
4 *
5 * Permission to use, copy, modify, distribute, and sell this software and
6 * its documentation for any purpose is hereby granted without fee, provided
7 * that (i) the above copyright notices and this permission notice appear in
8 * all copies of the software and related documentation, and (ii) the names of
9 * Sam Leffler and Silicon Graphics may not be used in any advertising or
10 * publicity relating to the software without the specific, prior written
11 * permission of Sam Leffler and Silicon Graphics.
12 *
13 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
14 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
15 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
16 *
17 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
18 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
19 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
20 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
21 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
22 * OF THIS SOFTWARE.
23 */
24
25 /*
26 * TIFF Library.
27 * Scanline-oriented Read Support
28 */
29 #include <precomp.h>
30 //#include <stdio.h>
31
32 #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
33 #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
34
35 int TIFFFillStrip(TIFF* tif, uint32 strip);
36 int TIFFFillTile(TIFF* tif, uint32 tile);
37 static int TIFFStartStrip(TIFF* tif, uint32 strip);
38 static int TIFFStartTile(TIFF* tif, uint32 tile);
39 static int TIFFCheckRead(TIFF*, int);
40 static tmsize_t
41 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,const char* module);
42 static tmsize_t
43 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module);
44
45 #define NOSTRIP ((uint32)(-1)) /* undefined state */
46 #define NOTILE ((uint32)(-1)) /* undefined state */
47
48 #define INITIAL_THRESHOLD (1024 * 1024)
49 #define THRESHOLD_MULTIPLIER 10
50 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
51
52 /* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset'
53 * Returns 1 in case of success, 0 otherwise. */
54 static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size,
55 tmsize_t rawdata_offset,
56 int is_strip, uint32 strip_or_tile,
57 const char* module )
58 {
59 #if SIZEOF_SIZE_T == 8
60 tmsize_t threshold = INITIAL_THRESHOLD;
61 #endif
62 tmsize_t already_read = 0;
63
64 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
65 /* so as to avoid allocating too much memory in case the file is too */
66 /* short. We could ask for the file size, but this might be */
67 /* expensive with some I/O layers (think of reading a gzipped file) */
68 /* Restrict to 64 bit processes, so as to avoid reallocs() */
69 /* on 32 bit processes where virtual memory is scarce. */
70 while( already_read < size )
71 {
72 tmsize_t bytes_read;
73 tmsize_t to_read = size - already_read;
74 #if SIZEOF_SIZE_T == 8
75 if( to_read >= threshold && threshold < MAX_THRESHOLD &&
76 already_read + to_read + rawdata_offset > tif->tif_rawdatasize )
77 {
78 to_read = threshold;
79 threshold *= THRESHOLD_MULTIPLIER;
80 }
81 #endif
82 if (already_read + to_read + rawdata_offset > tif->tif_rawdatasize) {
83 uint8* new_rawdata;
84 assert((tif->tif_flags & TIFF_MYBUFFER) != 0);
85 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64(
86 (uint64)already_read + to_read + rawdata_offset, 1024);
87 if (tif->tif_rawdatasize==0) {
88 TIFFErrorExt(tif->tif_clientdata, module,
89 "Invalid buffer size");
90 return 0;
91 }
92 new_rawdata = (uint8*) _TIFFrealloc(
93 tif->tif_rawdata, tif->tif_rawdatasize);
94 if( new_rawdata == 0 )
95 {
96 TIFFErrorExt(tif->tif_clientdata, module,
97 "No space for data buffer at scanline %lu",
98 (unsigned long) tif->tif_row);
99 _TIFFfree(tif->tif_rawdata);
100 tif->tif_rawdata = 0;
101 tif->tif_rawdatasize = 0;
102 return 0;
103 }
104 tif->tif_rawdata = new_rawdata;
105 }
106
107 bytes_read = TIFFReadFile(tif,
108 tif->tif_rawdata + rawdata_offset + already_read, to_read);
109 already_read += bytes_read;
110 if (bytes_read != to_read) {
111 memset( tif->tif_rawdata + rawdata_offset + already_read, 0,
112 tif->tif_rawdatasize - rawdata_offset - already_read );
113 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
114 if( is_strip )
115 {
116 TIFFErrorExt(tif->tif_clientdata, module,
117 "Read error at scanline %lu; got %I64u bytes, "
118 "expected %I64u",
119 (unsigned long) tif->tif_row,
120 (unsigned __int64) already_read,
121 (unsigned __int64) size);
122 }
123 else
124 {
125 TIFFErrorExt(tif->tif_clientdata, module,
126 "Read error at row %lu, col %lu, tile %lu; "
127 "got %I64u bytes, expected %I64u",
128 (unsigned long) tif->tif_row,
129 (unsigned long) tif->tif_col,
130 (unsigned long) strip_or_tile,
131 (unsigned __int64) already_read,
132 (unsigned __int64) size);
133 }
134 #else
135 if( is_strip )
136 {
137 TIFFErrorExt(tif->tif_clientdata, module,
138 "Read error at scanline %lu; got %llu bytes, "
139 "expected %llu",
140 (unsigned long) tif->tif_row,
141 (unsigned long long) already_read,
142 (unsigned long long) size);
143 }
144 else
145 {
146 TIFFErrorExt(tif->tif_clientdata, module,
147 "Read error at row %lu, col %lu, tile %lu; "
148 "got %llu bytes, expected %llu",
149 (unsigned long) tif->tif_row,
150 (unsigned long) tif->tif_col,
151 (unsigned long) strip_or_tile,
152 (unsigned long long) already_read,
153 (unsigned long long) size);
154 }
155 #endif
156 return 0;
157 }
158 }
159 return 1;
160 }
161
162
163 static int
164 TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart )
165 {
166 static const char module[] = "TIFFFillStripPartial";
167 register TIFFDirectory *td = &tif->tif_dir;
168 tmsize_t unused_data;
169 uint64 read_offset;
170 tmsize_t to_read;
171 tmsize_t read_ahead_mod;
172 /* tmsize_t bytecountm; */
173
174 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
175 return 0;
176
177 /*
178 * Expand raw data buffer, if needed, to hold data
179 * strip coming from file (perhaps should set upper
180 * bound on the size of a buffer we'll use?).
181 */
182
183 /* bytecountm=(tmsize_t) td->td_stripbytecount[strip]; */
184
185 /* Not completely sure where the * 2 comes from, but probably for */
186 /* an exponentional growth strategy of tif_rawdatasize */
187 if( read_ahead < TIFF_TMSIZE_T_MAX / 2 )
188 read_ahead_mod = read_ahead * 2;
189 else
190 read_ahead_mod = read_ahead;
191 if (read_ahead_mod > tif->tif_rawdatasize) {
192 assert( restart );
193
194 tif->tif_curstrip = NOSTRIP;
195 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
196 TIFFErrorExt(tif->tif_clientdata, module,
197 "Data buffer too small to hold part of strip %lu",
198 (unsigned long) strip);
199 return (0);
200 }
201 }
202
203 if( restart )
204 {
205 tif->tif_rawdataloaded = 0;
206 tif->tif_rawdataoff = 0;
207 }
208
209 /*
210 ** If we are reading more data, move any unused data to the
211 ** start of the buffer.
212 */
213 if( tif->tif_rawdataloaded > 0 )
214 unused_data = tif->tif_rawdataloaded - (tif->tif_rawcp - tif->tif_rawdata);
215 else
216 unused_data = 0;
217
218 if( unused_data > 0 )
219 {
220 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
221 memmove( tif->tif_rawdata, tif->tif_rawcp, unused_data );
222 }
223
224 /*
225 ** Seek to the point in the file where more data should be read.
226 */
227 read_offset = td->td_stripoffset[strip]
228 + tif->tif_rawdataoff + tif->tif_rawdataloaded;
229
230 if (!SeekOK(tif, read_offset)) {
231 TIFFErrorExt(tif->tif_clientdata, module,
232 "Seek error at scanline %lu, strip %lu",
233 (unsigned long) tif->tif_row, (unsigned long) strip);
234 return 0;
235 }
236
237 /*
238 ** How much do we want to read?
239 */
240 if( read_ahead_mod > tif->tif_rawdatasize )
241 to_read = read_ahead_mod - unused_data;
242 else
243 to_read = tif->tif_rawdatasize - unused_data;
244 if( (uint64) to_read > td->td_stripbytecount[strip]
245 - tif->tif_rawdataoff - tif->tif_rawdataloaded )
246 {
247 to_read = (tmsize_t) td->td_stripbytecount[strip]
248 - tif->tif_rawdataoff - tif->tif_rawdataloaded;
249 }
250
251 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
252 if( !TIFFReadAndRealloc( tif, to_read, unused_data,
253 1, /* is_strip */
254 0, /* strip_or_tile */
255 module) )
256 {
257 return 0;
258 }
259
260 tif->tif_rawdataoff = tif->tif_rawdataoff + tif->tif_rawdataloaded - unused_data ;
261 tif->tif_rawdataloaded = unused_data + to_read;
262
263 tif->tif_rawcc = tif->tif_rawdataloaded;
264 tif->tif_rawcp = tif->tif_rawdata;
265
266 if (!isFillOrder(tif, td->td_fillorder) &&
267 (tif->tif_flags & TIFF_NOBITREV) == 0) {
268 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
269 TIFFReverseBits(tif->tif_rawdata + unused_data, to_read );
270 }
271
272 /*
273 ** When starting a strip from the beginning we need to
274 ** restart the decoder.
275 */
276 if( restart )
277 {
278
279 #ifdef JPEG_SUPPORT
280 /* A bit messy since breaks the codec abstraction. Ultimately */
281 /* there should be a function pointer for that, but it seems */
282 /* only JPEG is affected. */
283 /* For JPEG, if there are multiple scans (can generally be known */
284 /* with the read_ahead used), we need to read the whole strip */
285 if( tif->tif_dir.td_compression==COMPRESSION_JPEG &&
286 (uint64)tif->tif_rawcc < td->td_stripbytecount[strip] )
287 {
288 if( TIFFJPEGIsFullStripRequired(tif) )
289 {
290 return TIFFFillStrip(tif, strip);
291 }
292 }
293 #endif
294
295 return TIFFStartStrip(tif, strip);
296 }
297 else
298 {
299 return 1;
300 }
301 }
302
303 /*
304 * Seek to a random row+sample in a file.
305 *
306 * Only used by TIFFReadScanline, and is only used on
307 * strip organized files. We do some tricky stuff to try
308 * and avoid reading the whole compressed raw data for big
309 * strips.
310 */
311 static int
312 TIFFSeek(TIFF* tif, uint32 row, uint16 sample )
313 {
314 register TIFFDirectory *td = &tif->tif_dir;
315 uint32 strip;
316 int whole_strip;
317 tmsize_t read_ahead = 0;
318
319 /*
320 ** Establish what strip we are working from.
321 */
322 if (row >= td->td_imagelength) { /* out of range */
323 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
324 "%lu: Row out of range, max %lu",
325 (unsigned long) row,
326 (unsigned long) td->td_imagelength);
327 return (0);
328 }
329 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) {
330 if (sample >= td->td_samplesperpixel) {
331 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
332 "%lu: Sample out of range, max %lu",
333 (unsigned long) sample, (unsigned long) td->td_samplesperpixel);
334 return (0);
335 }
336 strip = (uint32)sample*td->td_stripsperimage + row/td->td_rowsperstrip;
337 } else
338 strip = row / td->td_rowsperstrip;
339
340 /*
341 * Do we want to treat this strip as one whole chunk or
342 * read it a few lines at a time?
343 */
344 #if defined(CHUNKY_STRIP_READ_SUPPORT)
345 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
346 return 0;
347 whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10
348 || isMapped(tif);
349 if( td->td_compression == COMPRESSION_LERC ||
350 td->td_compression == COMPRESSION_JBIG )
351 {
352 /* Ideally plugins should have a way to declare they don't support
353 * chunk strip */
354 whole_strip = 1;
355 }
356 #else
357 whole_strip = 1;
358 #endif
359
360 if( !whole_strip )
361 {
362 /* 16 is for YCbCr mode where we may need to read 16 */
363 /* lines at a time to get a decompressed line, and 5000 */
364 /* is some constant value, for example for JPEG tables */
365 if( tif->tif_scanlinesize < TIFF_TMSIZE_T_MAX / 16 &&
366 tif->tif_scanlinesize * 16 < TIFF_TMSIZE_T_MAX - 5000 )
367 {
368 read_ahead = tif->tif_scanlinesize * 16 + 5000;
369 }
370 else
371 {
372 read_ahead = tif->tif_scanlinesize;
373 }
374 }
375
376 /*
377 * If we haven't loaded this strip, do so now, possibly
378 * only reading the first part.
379 */
380 if (strip != tif->tif_curstrip) { /* different strip, refill */
381
382 if( whole_strip )
383 {
384 if (!TIFFFillStrip(tif, strip))
385 return (0);
386 }
387 else
388 {
389 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) )
390 return 0;
391 }
392 }
393
394 /*
395 ** If we already have some data loaded, do we need to read some more?
396 */
397 else if( !whole_strip )
398 {
399 if( ((tif->tif_rawdata + tif->tif_rawdataloaded) - tif->tif_rawcp) < read_ahead
400 && (uint64) tif->tif_rawdataoff+tif->tif_rawdataloaded < td->td_stripbytecount[strip] )
401 {
402 if( !TIFFFillStripPartial(tif,strip,read_ahead,0) )
403 return 0;
404 }
405 }
406
407 if (row < tif->tif_row) {
408 /*
409 * Moving backwards within the same strip: backup
410 * to the start and then decode forward (below).
411 *
412 * NB: If you're planning on lots of random access within a
413 * strip, it's better to just read and decode the entire
414 * strip, and then access the decoded data in a random fashion.
415 */
416
417 if( tif->tif_rawdataoff != 0 )
418 {
419 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) )
420 return 0;
421 }
422 else
423 {
424 if (!TIFFStartStrip(tif, strip))
425 return (0);
426 }
427 }
428
429 if (row != tif->tif_row) {
430 /*
431 * Seek forward to the desired row.
432 */
433
434 /* TODO: Will this really work with partial buffers? */
435
436 if (!(*tif->tif_seek)(tif, row - tif->tif_row))
437 return (0);
438 tif->tif_row = row;
439 }
440
441 return (1);
442 }
443
444 int
445 TIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample)
446 {
447 int e;
448
449 if (!TIFFCheckRead(tif, 0))
450 return (-1);
451 if( (e = TIFFSeek(tif, row, sample)) != 0) {
452 /*
453 * Decompress desired row into user buffer.
454 */
455 e = (*tif->tif_decoderow)
456 (tif, (uint8*) buf, tif->tif_scanlinesize, sample);
457
458 /* we are now poised at the beginning of the next row */
459 tif->tif_row = row + 1;
460
461 if (e)
462 (*tif->tif_postdecode)(tif, (uint8*) buf,
463 tif->tif_scanlinesize);
464 }
465 return (e > 0 ? 1 : -1);
466 }
467
468 /*
469 * Calculate the strip size according to the number of
470 * rows in the strip (check for truncated last strip on any
471 * of the separations).
472 */
473 static tmsize_t TIFFReadEncodedStripGetStripSize(TIFF* tif, uint32 strip, uint16* pplane)
474 {
475 static const char module[] = "TIFFReadEncodedStrip";
476 TIFFDirectory *td = &tif->tif_dir;
477 uint32 rowsperstrip;
478 uint32 stripsperplane;
479 uint32 stripinplane;
480 uint32 rows;
481 tmsize_t stripsize;
482 if (!TIFFCheckRead(tif,0))
483 return((tmsize_t)(-1));
484 if (strip>=td->td_nstrips)
485 {
486 TIFFErrorExt(tif->tif_clientdata,module,
487 "%lu: Strip out of range, max %lu",(unsigned long)strip,
488 (unsigned long)td->td_nstrips);
489 return((tmsize_t)(-1));
490 }
491
492 rowsperstrip=td->td_rowsperstrip;
493 if (rowsperstrip>td->td_imagelength)
494 rowsperstrip=td->td_imagelength;
495 stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
496 stripinplane=(strip%stripsperplane);
497 if( pplane ) *pplane=(uint16)(strip/stripsperplane);
498 rows=td->td_imagelength-stripinplane*rowsperstrip;
499 if (rows>rowsperstrip)
500 rows=rowsperstrip;
501 stripsize=TIFFVStripSize(tif,rows);
502 if (stripsize==0)
503 return((tmsize_t)(-1));
504 return stripsize;
505 }
506
507 /*
508 * Read a strip of data and decompress the specified
509 * amount into the user-supplied buffer.
510 */
511 tmsize_t
512 TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
513 {
514 static const char module[] = "TIFFReadEncodedStrip";
515 TIFFDirectory *td = &tif->tif_dir;
516 tmsize_t stripsize;
517 uint16 plane;
518
519 stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
520 if (stripsize==((tmsize_t)(-1)))
521 return((tmsize_t)(-1));
522
523 /* shortcut to avoid an extra memcpy() */
524 if( td->td_compression == COMPRESSION_NONE &&
525 size!=(tmsize_t)(-1) && size >= stripsize &&
526 !isMapped(tif) &&
527 ((tif->tif_flags&TIFF_NOREADRAW)==0) )
528 {
529 if (TIFFReadRawStrip1(tif, strip, buf, stripsize, module) != stripsize)
530 return ((tmsize_t)(-1));
531
532 if (!isFillOrder(tif, td->td_fillorder) &&
533 (tif->tif_flags & TIFF_NOBITREV) == 0)
534 TIFFReverseBits(buf,stripsize);
535
536 (*tif->tif_postdecode)(tif,buf,stripsize);
537 return (stripsize);
538 }
539
540 if ((size!=(tmsize_t)(-1))&&(size<stripsize))
541 stripsize=size;
542 if (!TIFFFillStrip(tif,strip))
543 return((tmsize_t)(-1));
544 if ((*tif->tif_decodestrip)(tif,buf,stripsize,plane)<=0)
545 return((tmsize_t)(-1));
546 (*tif->tif_postdecode)(tif,buf,stripsize);
547 return(stripsize);
548 }
549
550 /* Variant of TIFFReadEncodedStrip() that does
551 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has
552 * succeeded. This avoid excessive memory allocation in case of truncated
553 * file.
554 * * calls regular TIFFReadEncodedStrip() if *buf != NULL
555 */
556 tmsize_t
557 _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
558 void **buf, tmsize_t bufsizetoalloc,
559 tmsize_t size_to_read)
560 {
561 tmsize_t this_stripsize;
562 uint16 plane;
563
564 if( *buf != NULL )
565 {
566 return TIFFReadEncodedStrip(tif, strip, *buf, size_to_read);
567 }
568
569 this_stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
570 if (this_stripsize==((tmsize_t)(-1)))
571 return((tmsize_t)(-1));
572
573 if ((size_to_read!=(tmsize_t)(-1))&&(size_to_read<this_stripsize))
574 this_stripsize=size_to_read;
575 if (!TIFFFillStrip(tif,strip))
576 return((tmsize_t)(-1));
577
578 *buf = _TIFFmalloc(bufsizetoalloc);
579 if (*buf == NULL) {
580 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer");
581 return((tmsize_t)(-1));
582 }
583 _TIFFmemset(*buf, 0, bufsizetoalloc);
584
585 if ((*tif->tif_decodestrip)(tif,*buf,this_stripsize,plane)<=0)
586 return((tmsize_t)(-1));
587 (*tif->tif_postdecode)(tif,*buf,this_stripsize);
588 return(this_stripsize);
589
590
591 }
592
593 static tmsize_t
594 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
595 const char* module)
596 {
597 TIFFDirectory *td = &tif->tif_dir;
598
599 if (!_TIFFFillStriles( tif ))
600 return ((tmsize_t)(-1));
601
602 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
603 if (!isMapped(tif)) {
604 tmsize_t cc;
605
606 if (!SeekOK(tif, td->td_stripoffset[strip])) {
607 TIFFErrorExt(tif->tif_clientdata, module,
608 "Seek error at scanline %lu, strip %lu",
609 (unsigned long) tif->tif_row, (unsigned long) strip);
610 return ((tmsize_t)(-1));
611 }
612 cc = TIFFReadFile(tif, buf, size);
613 if (cc != size) {
614 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
615 TIFFErrorExt(tif->tif_clientdata, module,
616 "Read error at scanline %lu; got %I64u bytes, expected %I64u",
617 (unsigned long) tif->tif_row,
618 (unsigned __int64) cc,
619 (unsigned __int64) size);
620 #else
621 TIFFErrorExt(tif->tif_clientdata, module,
622 "Read error at scanline %lu; got %llu bytes, expected %llu",
623 (unsigned long) tif->tif_row,
624 (unsigned long long) cc,
625 (unsigned long long) size);
626 #endif
627 return ((tmsize_t)(-1));
628 }
629 } else {
630 tmsize_t ma = 0;
631 tmsize_t n;
632 if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
633 ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
634 {
635 n=0;
636 }
637 else if( ma > TIFF_TMSIZE_T_MAX - size )
638 {
639 n=0;
640 }
641 else
642 {
643 tmsize_t mb=ma+size;
644 if (mb>tif->tif_size)
645 n=tif->tif_size-ma;
646 else
647 n=size;
648 }
649 if (n!=size) {
650 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
651 TIFFErrorExt(tif->tif_clientdata, module,
652 "Read error at scanline %lu, strip %lu; got %I64u bytes, expected %I64u",
653 (unsigned long) tif->tif_row,
654 (unsigned long) strip,
655 (unsigned __int64) n,
656 (unsigned __int64) size);
657 #else
658 TIFFErrorExt(tif->tif_clientdata, module,
659 "Read error at scanline %lu, strip %lu; got %llu bytes, expected %llu",
660 (unsigned long) tif->tif_row,
661 (unsigned long) strip,
662 (unsigned long long) n,
663 (unsigned long long) size);
664 #endif
665 return ((tmsize_t)(-1));
666 }
667 _TIFFmemcpy(buf, tif->tif_base + ma,
668 size);
669 }
670 return (size);
671 }
672
673 static tmsize_t
674 TIFFReadRawStripOrTile2(TIFF* tif, uint32 strip_or_tile, int is_strip,
675 tmsize_t size, const char* module)
676 {
677 TIFFDirectory *td = &tif->tif_dir;
678
679 assert( !isMapped(tif) );
680 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
681
682 if (!SeekOK(tif, td->td_stripoffset[strip_or_tile])) {
683 if( is_strip )
684 {
685 TIFFErrorExt(tif->tif_clientdata, module,
686 "Seek error at scanline %lu, strip %lu",
687 (unsigned long) tif->tif_row,
688 (unsigned long) strip_or_tile);
689 }
690 else
691 {
692 TIFFErrorExt(tif->tif_clientdata, module,
693 "Seek error at row %lu, col %lu, tile %lu",
694 (unsigned long) tif->tif_row,
695 (unsigned long) tif->tif_col,
696 (unsigned long) strip_or_tile);
697 }
698 return ((tmsize_t)(-1));
699 }
700
701 if( !TIFFReadAndRealloc( tif, size, 0, is_strip,
702 strip_or_tile, module ) )
703 {
704 return ((tmsize_t)(-1));
705 }
706
707 return (size);
708 }
709
710 /*
711 * Read a strip of data from the file.
712 */
713 tmsize_t
714 TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
715 {
716 static const char module[] = "TIFFReadRawStrip";
717 TIFFDirectory *td = &tif->tif_dir;
718 uint64 bytecount;
719 tmsize_t bytecountm;
720
721 if (!TIFFCheckRead(tif, 0))
722 return ((tmsize_t)(-1));
723 if (strip >= td->td_nstrips) {
724 TIFFErrorExt(tif->tif_clientdata, module,
725 "%lu: Strip out of range, max %lu",
726 (unsigned long) strip,
727 (unsigned long) td->td_nstrips);
728 return ((tmsize_t)(-1));
729 }
730 if (tif->tif_flags&TIFF_NOREADRAW)
731 {
732 TIFFErrorExt(tif->tif_clientdata, module,
733 "Compression scheme does not support access to raw uncompressed data");
734 return ((tmsize_t)(-1));
735 }
736 bytecount = td->td_stripbytecount[strip];
737 if ((int64)bytecount <= 0) {
738 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
739 TIFFErrorExt(tif->tif_clientdata, module,
740 "%I64u: Invalid strip byte count, strip %lu",
741 (unsigned __int64) bytecount,
742 (unsigned long) strip);
743 #else
744 TIFFErrorExt(tif->tif_clientdata, module,
745 "%llu: Invalid strip byte count, strip %lu",
746 (unsigned long long) bytecount,
747 (unsigned long) strip);
748 #endif
749 return ((tmsize_t)(-1));
750 }
751 bytecountm = (tmsize_t)bytecount;
752 if ((uint64)bytecountm!=bytecount) {
753 TIFFErrorExt(tif->tif_clientdata, module, "Integer overflow");
754 return ((tmsize_t)(-1));
755 }
756 if (size != (tmsize_t)(-1) && size < bytecountm)
757 bytecountm = size;
758 return (TIFFReadRawStrip1(tif, strip, buf, bytecountm, module));
759 }
760
761 /*
762 * Read the specified strip and setup for decoding. The data buffer is
763 * expanded, as necessary, to hold the strip's data.
764 */
765 int
766 TIFFFillStrip(TIFF* tif, uint32 strip)
767 {
768 static const char module[] = "TIFFFillStrip";
769 TIFFDirectory *td = &tif->tif_dir;
770
771 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
772 return 0;
773
774 if ((tif->tif_flags&TIFF_NOREADRAW)==0)
775 {
776 uint64 bytecount = td->td_stripbytecount[strip];
777 if ((int64)bytecount <= 0) {
778 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
779 TIFFErrorExt(tif->tif_clientdata, module,
780 "Invalid strip byte count %I64u, strip %lu",
781 (unsigned __int64) bytecount,
782 (unsigned long) strip);
783 #else
784 TIFFErrorExt(tif->tif_clientdata, module,
785 "Invalid strip byte count %llu, strip %lu",
786 (unsigned long long) bytecount,
787 (unsigned long) strip);
788 #endif
789 return (0);
790 }
791
792 /* To avoid excessive memory allocations: */
793 /* Byte count should normally not be larger than a number of */
794 /* times the uncompressed size plus some margin */
795 if( bytecount > 1024 * 1024 )
796 {
797 /* 10 and 4096 are just values that could be adjusted. */
798 /* Hopefully they are safe enough for all codecs */
799 tmsize_t stripsize = TIFFStripSize(tif);
800 if( stripsize != 0 &&
801 (bytecount - 4096) / 10 > (uint64)stripsize )
802 {
803 uint64 newbytecount = (uint64)stripsize * 10 + 4096;
804 if( (int64)newbytecount >= 0 )
805 {
806 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
807 TIFFWarningExt(tif->tif_clientdata, module,
808 "Too large strip byte count %I64u, strip %lu. Limiting to %I64u",
809 (unsigned __int64) bytecount,
810 (unsigned long) strip,
811 (unsigned __int64) newbytecount);
812 #else
813 TIFFErrorExt(tif->tif_clientdata, module,
814 "Too large strip byte count %llu, strip %lu. Limiting to %llu",
815 (unsigned long long) bytecount,
816 (unsigned long) strip,
817 (unsigned long long) newbytecount);
818 #endif
819 bytecount = newbytecount;
820 }
821 }
822 }
823
824 if (isMapped(tif)) {
825 /*
826 * We must check for overflow, potentially causing
827 * an OOB read. Instead of simple
828 *
829 * td->td_stripoffset[strip]+bytecount > tif->tif_size
830 *
831 * comparison (which can overflow) we do the following
832 * two comparisons:
833 */
834 if (bytecount > (uint64)tif->tif_size ||
835 td->td_stripoffset[strip] > (uint64)tif->tif_size - bytecount) {
836 /*
837 * This error message might seem strange, but
838 * it's what would happen if a read were done
839 * instead.
840 */
841 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
842 TIFFErrorExt(tif->tif_clientdata, module,
843
844 "Read error on strip %lu; "
845 "got %I64u bytes, expected %I64u",
846 (unsigned long) strip,
847 (unsigned __int64) tif->tif_size - td->td_stripoffset[strip],
848 (unsigned __int64) bytecount);
849 #else
850 TIFFErrorExt(tif->tif_clientdata, module,
851
852 "Read error on strip %lu; "
853 "got %llu bytes, expected %llu",
854 (unsigned long) strip,
855 (unsigned long long) tif->tif_size - td->td_stripoffset[strip],
856 (unsigned long long) bytecount);
857 #endif
858 tif->tif_curstrip = NOSTRIP;
859 return (0);
860 }
861 }
862
863 if (isMapped(tif) &&
864 (isFillOrder(tif, td->td_fillorder)
865 || (tif->tif_flags & TIFF_NOBITREV))) {
866 /*
867 * The image is mapped into memory and we either don't
868 * need to flip bits or the compression routine is
869 * going to handle this operation itself. In this
870 * case, avoid copying the raw data and instead just
871 * reference the data from the memory mapped file
872 * image. This assumes that the decompression
873 * routines do not modify the contents of the raw data
874 * buffer (if they try to, the application will get a
875 * fault since the file is mapped read-only).
876 */
877 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) {
878 _TIFFfree(tif->tif_rawdata);
879 tif->tif_rawdata = NULL;
880 tif->tif_rawdatasize = 0;
881 }
882 tif->tif_flags &= ~TIFF_MYBUFFER;
883 tif->tif_rawdatasize = (tmsize_t)bytecount;
884 tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[strip];
885 tif->tif_rawdataoff = 0;
886 tif->tif_rawdataloaded = (tmsize_t) bytecount;
887
888 /*
889 * When we have tif_rawdata reference directly into the memory mapped file
890 * we need to be pretty careful about how we use the rawdata. It is not
891 * a general purpose working buffer as it normally otherwise is. So we
892 * keep track of this fact to avoid using it improperly.
893 */
894 tif->tif_flags |= TIFF_BUFFERMMAP;
895 } else {
896 /*
897 * Expand raw data buffer, if needed, to hold data
898 * strip coming from file (perhaps should set upper
899 * bound on the size of a buffer we'll use?).
900 */
901 tmsize_t bytecountm;
902 bytecountm=(tmsize_t)bytecount;
903 if ((uint64)bytecountm!=bytecount)
904 {
905 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
906 return(0);
907 }
908 if (bytecountm > tif->tif_rawdatasize) {
909 tif->tif_curstrip = NOSTRIP;
910 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
911 TIFFErrorExt(tif->tif_clientdata, module,
912 "Data buffer too small to hold strip %lu",
913 (unsigned long) strip);
914 return (0);
915 }
916 }
917 if (tif->tif_flags&TIFF_BUFFERMMAP) {
918 tif->tif_curstrip = NOSTRIP;
919 tif->tif_rawdata = NULL;
920 tif->tif_rawdatasize = 0;
921 tif->tif_flags &= ~TIFF_BUFFERMMAP;
922 }
923
924 if( isMapped(tif) )
925 {
926 if (bytecountm > tif->tif_rawdatasize &&
927 !TIFFReadBufferSetup(tif, 0, bytecountm))
928 {
929 return (0);
930 }
931 if (TIFFReadRawStrip1(tif, strip, tif->tif_rawdata,
932 bytecountm, module) != bytecountm)
933 {
934 return (0);
935 }
936 }
937 else
938 {
939 if (TIFFReadRawStripOrTile2(tif, strip, 1,
940 bytecountm, module) != bytecountm)
941 {
942 return (0);
943 }
944 }
945
946
947 tif->tif_rawdataoff = 0;
948 tif->tif_rawdataloaded = bytecountm;
949
950 if (!isFillOrder(tif, td->td_fillorder) &&
951 (tif->tif_flags & TIFF_NOBITREV) == 0)
952 TIFFReverseBits(tif->tif_rawdata, bytecountm);
953 }
954 }
955 return (TIFFStartStrip(tif, strip));
956 }
957
958 /*
959 * Tile-oriented Read Support
960 * Contributed by Nancy Cam (Silicon Graphics).
961 */
962
963 /*
964 * Read and decompress a tile of data. The
965 * tile is selected by the (x,y,z,s) coordinates.
966 */
967 tmsize_t
968 TIFFReadTile(TIFF* tif, void* buf, uint32 x, uint32 y, uint32 z, uint16 s)
969 {
970 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s))
971 return ((tmsize_t)(-1));
972 return (TIFFReadEncodedTile(tif,
973 TIFFComputeTile(tif, x, y, z, s), buf, (tmsize_t)(-1)));
974 }
975
976 /*
977 * Read a tile of data and decompress the specified
978 * amount into the user-supplied buffer.
979 */
980 tmsize_t
981 TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size)
982 {
983 static const char module[] = "TIFFReadEncodedTile";
984 TIFFDirectory *td = &tif->tif_dir;
985 tmsize_t tilesize = tif->tif_tilesize;
986
987 if (!TIFFCheckRead(tif, 1))
988 return ((tmsize_t)(-1));
989 if (tile >= td->td_nstrips) {
990 TIFFErrorExt(tif->tif_clientdata, module,
991 "%lu: Tile out of range, max %lu",
992 (unsigned long) tile, (unsigned long) td->td_nstrips);
993 return ((tmsize_t)(-1));
994 }
995
996 /* shortcut to avoid an extra memcpy() */
997 if( td->td_compression == COMPRESSION_NONE &&
998 size!=(tmsize_t)(-1) && size >= tilesize &&
999 !isMapped(tif) &&
1000 ((tif->tif_flags&TIFF_NOREADRAW)==0) )
1001 {
1002 if (TIFFReadRawTile1(tif, tile, buf, tilesize, module) != tilesize)
1003 return ((tmsize_t)(-1));
1004
1005 if (!isFillOrder(tif, td->td_fillorder) &&
1006 (tif->tif_flags & TIFF_NOBITREV) == 0)
1007 TIFFReverseBits(buf,tilesize);
1008
1009 (*tif->tif_postdecode)(tif,buf,tilesize);
1010 return (tilesize);
1011 }
1012
1013 if (size == (tmsize_t)(-1))
1014 size = tilesize;
1015 else if (size > tilesize)
1016 size = tilesize;
1017 if (TIFFFillTile(tif, tile) && (*tif->tif_decodetile)(tif,
1018 (uint8*) buf, size, (uint16)(tile/td->td_stripsperimage))) {
1019 (*tif->tif_postdecode)(tif, (uint8*) buf, size);
1020 return (size);
1021 } else
1022 return ((tmsize_t)(-1));
1023 }
1024
1025 /* Variant of TIFFReadTile() that does
1026 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
1027 * succeeded. This avoid excessive memory allocation in case of truncated
1028 * file.
1029 * * calls regular TIFFReadEncodedTile() if *buf != NULL
1030 */
1031 tmsize_t
1032 _TIFFReadTileAndAllocBuffer(TIFF* tif,
1033 void **buf, tmsize_t bufsizetoalloc,
1034 uint32 x, uint32 y, uint32 z, uint16 s)
1035 {
1036 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s))
1037 return ((tmsize_t)(-1));
1038 return (_TIFFReadEncodedTileAndAllocBuffer(tif,
1039 TIFFComputeTile(tif, x, y, z, s),
1040 buf, bufsizetoalloc,
1041 (tmsize_t)(-1)));
1042 }
1043
1044 /* Variant of TIFFReadEncodedTile() that does
1045 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
1046 * succeeded. This avoid excessive memory allocation in case of truncated
1047 * file.
1048 * * calls regular TIFFReadEncodedTile() if *buf != NULL
1049 */
1050 tmsize_t
1051 _TIFFReadEncodedTileAndAllocBuffer(TIFF* tif, uint32 tile,
1052 void **buf, tmsize_t bufsizetoalloc,
1053 tmsize_t size_to_read)
1054 {
1055 static const char module[] = "_TIFFReadEncodedTileAndAllocBuffer";
1056 TIFFDirectory *td = &tif->tif_dir;
1057 tmsize_t tilesize = tif->tif_tilesize;
1058
1059 if( *buf != NULL )
1060 {
1061 return TIFFReadEncodedTile(tif, tile, *buf, size_to_read);
1062 }
1063
1064 if (!TIFFCheckRead(tif, 1))
1065 return ((tmsize_t)(-1));
1066 if (tile >= td->td_nstrips) {
1067 TIFFErrorExt(tif->tif_clientdata, module,
1068 "%lu: Tile out of range, max %lu",
1069 (unsigned long) tile, (unsigned long) td->td_nstrips);
1070 return ((tmsize_t)(-1));
1071 }
1072
1073 if (!TIFFFillTile(tif,tile))
1074 return((tmsize_t)(-1));
1075
1076 *buf = _TIFFmalloc(bufsizetoalloc);
1077 if (*buf == NULL) {
1078 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
1079 "No space for tile buffer");
1080 return((tmsize_t)(-1));
1081 }
1082 _TIFFmemset(*buf, 0, bufsizetoalloc);
1083
1084 if (size_to_read == (tmsize_t)(-1))
1085 size_to_read = tilesize;
1086 else if (size_to_read > tilesize)
1087 size_to_read = tilesize;
1088 if( (*tif->tif_decodetile)(tif,
1089 (uint8*) *buf, size_to_read, (uint16)(tile/td->td_stripsperimage))) {
1090 (*tif->tif_postdecode)(tif, (uint8*) *buf, size_to_read);
1091 return (size_to_read);
1092 } else
1093 return ((tmsize_t)(-1));
1094 }
1095
1096 static tmsize_t
1097 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module)
1098 {
1099 TIFFDirectory *td = &tif->tif_dir;
1100
1101 if (!_TIFFFillStriles( tif ))
1102 return ((tmsize_t)(-1));
1103
1104 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
1105 if (!isMapped(tif)) {
1106 tmsize_t cc;
1107
1108 if (!SeekOK(tif, td->td_stripoffset[tile])) {
1109 TIFFErrorExt(tif->tif_clientdata, module,
1110 "Seek error at row %lu, col %lu, tile %lu",
1111 (unsigned long) tif->tif_row,
1112 (unsigned long) tif->tif_col,
1113 (unsigned long) tile);
1114 return ((tmsize_t)(-1));
1115 }
1116 cc = TIFFReadFile(tif, buf, size);
1117 if (cc != size) {
1118 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1119 TIFFErrorExt(tif->tif_clientdata, module,
1120 "Read error at row %lu, col %lu; got %I64u bytes, expected %I64u",
1121 (unsigned long) tif->tif_row,
1122 (unsigned long) tif->tif_col,
1123 (unsigned __int64) cc,
1124 (unsigned __int64) size);
1125 #else
1126 TIFFErrorExt(tif->tif_clientdata, module,
1127 "Read error at row %lu, col %lu; got %llu bytes, expected %llu",
1128 (unsigned long) tif->tif_row,
1129 (unsigned long) tif->tif_col,
1130 (unsigned long long) cc,
1131 (unsigned long long) size);
1132 #endif
1133 return ((tmsize_t)(-1));
1134 }
1135 } else {
1136 tmsize_t ma,mb;
1137 tmsize_t n;
1138 ma=(tmsize_t)td->td_stripoffset[tile];
1139 mb=ma+size;
1140 if ((td->td_stripoffset[tile] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
1141 n=0;
1142 else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
1143 n=tif->tif_size-ma;
1144 else
1145 n=size;
1146 if (n!=size) {
1147 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1148 TIFFErrorExt(tif->tif_clientdata, module,
1149 "Read error at row %lu, col %lu, tile %lu; got %I64u bytes, expected %I64u",
1150 (unsigned long) tif->tif_row,
1151 (unsigned long) tif->tif_col,
1152 (unsigned long) tile,
1153 (unsigned __int64) n,
1154 (unsigned __int64) size);
1155 #else
1156 TIFFErrorExt(tif->tif_clientdata, module,
1157 "Read error at row %lu, col %lu, tile %lu; got %llu bytes, expected %llu",
1158 (unsigned long) tif->tif_row,
1159 (unsigned long) tif->tif_col,
1160 (unsigned long) tile,
1161 (unsigned long long) n,
1162 (unsigned long long) size);
1163 #endif
1164 return ((tmsize_t)(-1));
1165 }
1166 _TIFFmemcpy(buf, tif->tif_base + ma, size);
1167 }
1168 return (size);
1169 }
1170
1171 /*
1172 * Read a tile of data from the file.
1173 */
1174 tmsize_t
1175 TIFFReadRawTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size)
1176 {
1177 static const char module[] = "TIFFReadRawTile";
1178 TIFFDirectory *td = &tif->tif_dir;
1179 uint64 bytecount64;
1180 tmsize_t bytecountm;
1181
1182 if (!TIFFCheckRead(tif, 1))
1183 return ((tmsize_t)(-1));
1184 if (tile >= td->td_nstrips) {
1185 TIFFErrorExt(tif->tif_clientdata, module,
1186 "%lu: Tile out of range, max %lu",
1187 (unsigned long) tile, (unsigned long) td->td_nstrips);
1188 return ((tmsize_t)(-1));
1189 }
1190 if (tif->tif_flags&TIFF_NOREADRAW)
1191 {
1192 TIFFErrorExt(tif->tif_clientdata, module,
1193 "Compression scheme does not support access to raw uncompressed data");
1194 return ((tmsize_t)(-1));
1195 }
1196 bytecount64 = td->td_stripbytecount[tile];
1197 if (size != (tmsize_t)(-1) && (uint64)size < bytecount64)
1198 bytecount64 = (uint64)size;
1199 bytecountm = (tmsize_t)bytecount64;
1200 if ((uint64)bytecountm!=bytecount64)
1201 {
1202 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
1203 return ((tmsize_t)(-1));
1204 }
1205 return (TIFFReadRawTile1(tif, tile, buf, bytecountm, module));
1206 }
1207
1208 /*
1209 * Read the specified tile and setup for decoding. The data buffer is
1210 * expanded, as necessary, to hold the tile's data.
1211 */
1212 int
1213 TIFFFillTile(TIFF* tif, uint32 tile)
1214 {
1215 static const char module[] = "TIFFFillTile";
1216 TIFFDirectory *td = &tif->tif_dir;
1217
1218 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1219 return 0;
1220
1221 if ((tif->tif_flags&TIFF_NOREADRAW)==0)
1222 {
1223 uint64 bytecount = td->td_stripbytecount[tile];
1224 if ((int64)bytecount <= 0) {
1225 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1226 TIFFErrorExt(tif->tif_clientdata, module,
1227 "%I64u: Invalid tile byte count, tile %lu",
1228 (unsigned __int64) bytecount,
1229 (unsigned long) tile);
1230 #else
1231 TIFFErrorExt(tif->tif_clientdata, module,
1232 "%llu: Invalid tile byte count, tile %lu",
1233 (unsigned long long) bytecount,
1234 (unsigned long) tile);
1235 #endif
1236 return (0);
1237 }
1238
1239 /* To avoid excessive memory allocations: */
1240 /* Byte count should normally not be larger than a number of */
1241 /* times the uncompressed size plus some margin */
1242 if( bytecount > 1024 * 1024 )
1243 {
1244 /* 10 and 4096 are just values that could be adjusted. */
1245 /* Hopefully they are safe enough for all codecs */
1246 tmsize_t stripsize = TIFFTileSize(tif);
1247 if( stripsize != 0 &&
1248 (bytecount - 4096) / 10 > (uint64)stripsize )
1249 {
1250 uint64 newbytecount = (uint64)stripsize * 10 + 4096;
1251 if( (int64)newbytecount >= 0 )
1252 {
1253 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1254 TIFFWarningExt(tif->tif_clientdata, module,
1255 "Too large tile byte count %I64u, tile %lu. Limiting to %I64u",
1256 (unsigned __int64) bytecount,
1257 (unsigned long) tile,
1258 (unsigned __int64) newbytecount);
1259 #else
1260 TIFFErrorExt(tif->tif_clientdata, module,
1261 "Too large tile byte count %llu, tile %lu. Limiting to %llu",
1262 (unsigned long long) bytecount,
1263 (unsigned long) tile,
1264 (unsigned long long) newbytecount);
1265 #endif
1266 bytecount = newbytecount;
1267 }
1268 }
1269 }
1270
1271 if (isMapped(tif)) {
1272 /*
1273 * We must check for overflow, potentially causing
1274 * an OOB read. Instead of simple
1275 *
1276 * td->td_stripoffset[tile]+bytecount > tif->tif_size
1277 *
1278 * comparison (which can overflow) we do the following
1279 * two comparisons:
1280 */
1281 if (bytecount > (uint64)tif->tif_size ||
1282 td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) {
1283 tif->tif_curtile = NOTILE;
1284 return (0);
1285 }
1286 }
1287
1288 if (isMapped(tif) &&
1289 (isFillOrder(tif, td->td_fillorder)
1290 || (tif->tif_flags & TIFF_NOBITREV))) {
1291 /*
1292 * The image is mapped into memory and we either don't
1293 * need to flip bits or the compression routine is
1294 * going to handle this operation itself. In this
1295 * case, avoid copying the raw data and instead just
1296 * reference the data from the memory mapped file
1297 * image. This assumes that the decompression
1298 * routines do not modify the contents of the raw data
1299 * buffer (if they try to, the application will get a
1300 * fault since the file is mapped read-only).
1301 */
1302 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) {
1303 _TIFFfree(tif->tif_rawdata);
1304 tif->tif_rawdata = NULL;
1305 tif->tif_rawdatasize = 0;
1306 }
1307 tif->tif_flags &= ~TIFF_MYBUFFER;
1308
1309 tif->tif_rawdatasize = (tmsize_t)bytecount;
1310 tif->tif_rawdata =
1311 tif->tif_base + (tmsize_t)td->td_stripoffset[tile];
1312 tif->tif_rawdataoff = 0;
1313 tif->tif_rawdataloaded = (tmsize_t) bytecount;
1314 tif->tif_flags |= TIFF_BUFFERMMAP;
1315 } else {
1316 /*
1317 * Expand raw data buffer, if needed, to hold data
1318 * tile coming from file (perhaps should set upper
1319 * bound on the size of a buffer we'll use?).
1320 */
1321 tmsize_t bytecountm;
1322 bytecountm=(tmsize_t)bytecount;
1323 if ((uint64)bytecountm!=bytecount)
1324 {
1325 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
1326 return(0);
1327 }
1328 if (bytecountm > tif->tif_rawdatasize) {
1329 tif->tif_curtile = NOTILE;
1330 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
1331 TIFFErrorExt(tif->tif_clientdata, module,
1332 "Data buffer too small to hold tile %lu",
1333 (unsigned long) tile);
1334 return (0);
1335 }
1336 }
1337 if (tif->tif_flags&TIFF_BUFFERMMAP) {
1338 tif->tif_curtile = NOTILE;
1339 tif->tif_rawdata = NULL;
1340 tif->tif_rawdatasize = 0;
1341 tif->tif_flags &= ~TIFF_BUFFERMMAP;
1342 }
1343
1344 if( isMapped(tif) )
1345 {
1346 if (bytecountm > tif->tif_rawdatasize &&
1347 !TIFFReadBufferSetup(tif, 0, bytecountm))
1348 {
1349 return (0);
1350 }
1351 if (TIFFReadRawTile1(tif, tile, tif->tif_rawdata,
1352 bytecountm, module) != bytecountm)
1353 {
1354 return (0);
1355 }
1356 }
1357 else
1358 {
1359 if (TIFFReadRawStripOrTile2(tif, tile, 0,
1360 bytecountm, module) != bytecountm)
1361 {
1362 return (0);
1363 }
1364 }
1365
1366
1367 tif->tif_rawdataoff = 0;
1368 tif->tif_rawdataloaded = bytecountm;
1369
1370 if (!isFillOrder(tif, td->td_fillorder) &&
1371 (tif->tif_flags & TIFF_NOBITREV) == 0)
1372 TIFFReverseBits(tif->tif_rawdata,
1373 tif->tif_rawdataloaded);
1374 }
1375 }
1376 return (TIFFStartTile(tif, tile));
1377 }
1378
1379 /*
1380 * Setup the raw data buffer in preparation for
1381 * reading a strip of raw data. If the buffer
1382 * is specified as zero, then a buffer of appropriate
1383 * size is allocated by the library. Otherwise,
1384 * the client must guarantee that the buffer is
1385 * large enough to hold any individual strip of
1386 * raw data.
1387 */
1388 int
1389 TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
1390 {
1391 static const char module[] = "TIFFReadBufferSetup";
1392
1393 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
1394 tif->tif_flags &= ~TIFF_BUFFERMMAP;
1395
1396 if (tif->tif_rawdata) {
1397 if (tif->tif_flags & TIFF_MYBUFFER)
1398 _TIFFfree(tif->tif_rawdata);
1399 tif->tif_rawdata = NULL;
1400 tif->tif_rawdatasize = 0;
1401 }
1402 if (bp) {
1403 tif->tif_rawdatasize = size;
1404 tif->tif_rawdata = (uint8*) bp;
1405 tif->tif_flags &= ~TIFF_MYBUFFER;
1406 } else {
1407 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64((uint64)size, 1024);
1408 if (tif->tif_rawdatasize==0) {
1409 TIFFErrorExt(tif->tif_clientdata, module,
1410 "Invalid buffer size");
1411 return (0);
1412 }
1413 /* Initialize to zero to avoid uninitialized buffers in case of */
1414 /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
1415 tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
1416 tif->tif_flags |= TIFF_MYBUFFER;
1417 }
1418 if (tif->tif_rawdata == NULL) {
1419 TIFFErrorExt(tif->tif_clientdata, module,
1420 "No space for data buffer at scanline %lu",
1421 (unsigned long) tif->tif_row);
1422 tif->tif_rawdatasize = 0;
1423 return (0);
1424 }
1425 return (1);
1426 }
1427
1428 /*
1429 * Set state to appear as if a
1430 * strip has just been read in.
1431 */
1432 static int
1433 TIFFStartStrip(TIFF* tif, uint32 strip)
1434 {
1435 TIFFDirectory *td = &tif->tif_dir;
1436
1437 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1438 return 0;
1439
1440 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) {
1441 if (!(*tif->tif_setupdecode)(tif))
1442 return (0);
1443 tif->tif_flags |= TIFF_CODERSETUP;
1444 }
1445 tif->tif_curstrip = strip;
1446 tif->tif_row = (strip % td->td_stripsperimage) * td->td_rowsperstrip;
1447 tif->tif_flags &= ~TIFF_BUF4WRITE;
1448
1449 if (tif->tif_flags&TIFF_NOREADRAW)
1450 {
1451 tif->tif_rawcp = NULL;
1452 tif->tif_rawcc = 0;
1453 }
1454 else
1455 {
1456 tif->tif_rawcp = tif->tif_rawdata;
1457 if( tif->tif_rawdataloaded > 0 )
1458 tif->tif_rawcc = tif->tif_rawdataloaded;
1459 else
1460 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip];
1461 }
1462 return ((*tif->tif_predecode)(tif,
1463 (uint16)(strip / td->td_stripsperimage)));
1464 }
1465
1466 /*
1467 * Set state to appear as if a
1468 * tile has just been read in.
1469 */
1470 static int
1471 TIFFStartTile(TIFF* tif, uint32 tile)
1472 {
1473 static const char module[] = "TIFFStartTile";
1474 TIFFDirectory *td = &tif->tif_dir;
1475 uint32 howmany32;
1476
1477 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1478 return 0;
1479
1480 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) {
1481 if (!(*tif->tif_setupdecode)(tif))
1482 return (0);
1483 tif->tif_flags |= TIFF_CODERSETUP;
1484 }
1485 tif->tif_curtile = tile;
1486 howmany32=TIFFhowmany_32(td->td_imagewidth, td->td_tilewidth);
1487 if (howmany32 == 0) {
1488 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles");
1489 return 0;
1490 }
1491 tif->tif_row = (tile % howmany32) * td->td_tilelength;
1492 howmany32=TIFFhowmany_32(td->td_imagelength, td->td_tilelength);
1493 if (howmany32 == 0) {
1494 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles");
1495 return 0;
1496 }
1497 tif->tif_col = (tile % howmany32) * td->td_tilewidth;
1498 tif->tif_flags &= ~TIFF_BUF4WRITE;
1499 if (tif->tif_flags&TIFF_NOREADRAW)
1500 {
1501 tif->tif_rawcp = NULL;
1502 tif->tif_rawcc = 0;
1503 }
1504 else
1505 {
1506 tif->tif_rawcp = tif->tif_rawdata;
1507 if( tif->tif_rawdataloaded > 0 )
1508 tif->tif_rawcc = tif->tif_rawdataloaded;
1509 else
1510 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile];
1511 }
1512 return ((*tif->tif_predecode)(tif,
1513 (uint16)(tile/td->td_stripsperimage)));
1514 }
1515
1516 static int
1517 TIFFCheckRead(TIFF* tif, int tiles)
1518 {
1519 if (tif->tif_mode == O_WRONLY) {
1520 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "File not open for reading");
1521 return (0);
1522 }
1523 if (tiles ^ isTiled(tif)) {
1524 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, tiles ?
1525 "Can not read tiles from a stripped image" :
1526 "Can not read scanlines from a tiled image");
1527 return (0);
1528 }
1529 return (1);
1530 }
1531
1532 void
1533 _TIFFNoPostDecode(TIFF* tif, uint8* buf, tmsize_t cc)
1534 {
1535 (void) tif; (void) buf; (void) cc;
1536 }
1537
1538 void
1539 _TIFFSwab16BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1540 {
1541 (void) tif;
1542 assert((cc & 1) == 0);
1543 TIFFSwabArrayOfShort((uint16*) buf, cc/2);
1544 }
1545
1546 void
1547 _TIFFSwab24BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1548 {
1549 (void) tif;
1550 assert((cc % 3) == 0);
1551 TIFFSwabArrayOfTriples((uint8*) buf, cc/3);
1552 }
1553
1554 void
1555 _TIFFSwab32BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1556 {
1557 (void) tif;
1558 assert((cc & 3) == 0);
1559 TIFFSwabArrayOfLong((uint32*) buf, cc/4);
1560 }
1561
1562 void
1563 _TIFFSwab64BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1564 {
1565 (void) tif;
1566 assert((cc & 7) == 0);
1567 TIFFSwabArrayOfDouble((double*) buf, cc/8);
1568 }
1569
1570 /* vim: set ts=8 sts=8 sw=8 noet: */
1571 /*
1572 * Local Variables:
1573 * mode: c
1574 * c-basic-offset: 8
1575 * fill-column: 78
1576 * End:
1577 */